
AI Safety & Governance
Get a competitive advantage through robust AI safety and Governance strategies
Frequently Asked
Questions.
Yes - and this surprises many executives. The EU AI Act has explicit extraterritorial scope: if your AI system's output is used within the EU, or you serve EU customers, the regulation applies regardless of where your company is headquartered. Providers and deployers outside the EU are in scope whenever the AI output is intended for use within the Union.
For businesses operating globally or selling into European markets, this means compliance obligations are not optional. The enforcement phase for high-risk AI systems begins in August 2026, with fines for breaching prohibited practices reaching up to €35 million or 7% of worldwide annual turnover. If you haven't mapped your AI exposure yet, the window to do so responsibly is narrowing.
Compliance is the floor; governance is how you build above it. Compliance means meeting specific legal requirements — documenting your systems, classifying risk levels, and satisfying audit requirements. Governance is the broader organizational infrastructure: who makes AI decisions, how risks are escalated, how ethics are embedded into product development, and how your board maintains oversight.
A business can be technically compliant with a regulation yet still expose itself to significant reputational, operational, or ethical risk if no real governance structure exists. The organizations leading on AI right now treat governance as a strategic asset — not a box-ticking exercise.
The EU AI Act uses a risk-based tiered model. High-risk AI systems face significant compliance obligations around risk mitigation, data governance, transparency, security, and human oversight — and are subject to conformity assessments and fundamental rights impact assessments.
High-risk use cases include AI used in employment decisions, access to essential services, education, biometric identification, and financial risk assessment. Business uses of biometric identification, such as employee management, could be deemed high-risk.
If you're using AI tools across HR, customer scoring, credit, or operations — even third-party tools — a formal classification exercise is essential. Many businesses discover they have more high-risk exposure than expected once they map their full AI landscape.